jp10558
Premium
join:2005-06-24
Willseyville, NY
| reply to jbob
Re: Windows MetaFiles still vulnerable
So, if I go to such a page, I'll get a prompt about viewing the picture, and if I say no, no problem... So there's no vulnerability just in seeing images on a web page, it has to launch Windows Picture and Fax viewer?
--
Opera 8.5(Build 7700); Windows XP Pro SP2;Athlon 64 3400+; 1GB PC3200 DDR; 1M/128k DSL; NOD32(Version 2.5.25); Outpost Pro 3;Proxomitron 4.5j Grypen 12/2/05(Opera mod),GPG ID:0x0A1C6EE3 |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
 ·Comcast
 ·AT&T Southwest
| From SANS today:
The orignal exploit site (unionseek.com) is no longer up. But the exploit is being served from various sites all over by now, see the F-Secure Blog on »www.f-secure.com/weblog/ for an update on the versions of the exploit found in the wild.
Regarding DEP (Data Execution Protection) of XPSP2, the default settings of DEP will not prevent this exploit from working. Comments we have received in the meantime suggest that if you enable DEP to cover all programs (as documented on Microsoft Technet ), the WMF exploit attempt will result in a warning and not run on its own.
While the original exploit only refered to the Microsoft Picture and Fax Viewer, current information is that any application which automatically displays or renders WMF files is vulnerable to the problem. This includes Google Desktop, if the indexing function finds one of the exploit WMFs on the local hard drive - see the F-Secure Weblog mentioned above for details.
********************************
I know of some guys who downloaded the file "wmf_exp.wmf" to further investigate it. |
|
